The growth of enterprises result in heterogeneous environments with complex business demands. Some of the biggest identity and access management (IAM) challenges faced by these organizations include inconsistent password policies, excessive identities and directories, diverse and time-consuming auditing processes and an increasing need to stay on top of compliance regulations. Moreover, maintaining an enterprise LAN border is no longer viable as enterprises shift to cloud platforms and adopt SaaS and mobile apps that cross typical security domain boundaries. Your productivity levels will go down if users can’t access the apps they need, the risk of breach when employees access apps outside of your enterprise will increase and you will face high maintenance costs for legacy systems. To avoid this, you need to implement a modern identity and access management solution that provides seamless user experiences, secures access for employees and partners, easily integrates legacy system as well as cloud and mobile apps, and manages employee data securely and efficiently. Malithi and Pulasthi explored how to address these IAM challenges and adopt strategies that lead to efficient, secure and compliant IAM. They will discuss The IAM challenges of complex heterogeneous enterprises Common IAM use cases Common patterns for IAM solutions

1. Enterprise Identity and Access Management
Use Cases
Malithi Edirisinghe Pulasthi Mahawithana
Associate Technical Lead Senior Software Engineer
August 8, 2017

2. TODAY’S IT CHALLENGES
2
2
More
Compliant
Business
● Increasing
regulatory demands
● Increasing privacy
concerns
● Business viability
concerns
More Agile
Business
● More accessibility
for employees,
partners and
customers
● High level of B2B
integrations
● Faster reaction to
changing
requirements
More Secured
Business
● Identity theft
● Intellectual property
theft
● Constant global
threats

3. TODAY’S SECURITY IS NO LONGER SECURE
● Two-thirds of organizations averaged five or more breaches in
the past two years
Forrester Consulting Thought Leadership Paper, February 2017
● Nearly six billion data records were lost or stolen in past few
years
● An average of over 165,000 records compromised every hour
http://www.breachlevelindex.com/
● Global cybercrime-related damage costs are expected to exceed
$6 trillion annually by 2021
www.csoonline.com/article/3153707/security/ top-5-cybersecurity-facts-figures-and-
statistics-for-2017.htm
3

4. How do you rate the need for having a mature IAM to succeed in
Digital Transformation ?
IAM FOR DIGITAL BUSINESS
4
Kuppinger Cole Ltd.,Berlin,
29.06.2017

5. FORRESTER IAM MATURITY MODEL
● Nonexistence (level-0): No identity management system in
place — and do not realize the need.
● Ad hoc (level-1): Occasionally, not consistent, not planned,
disorganized.
● Repeatable (level-2): Intuitive, not documented, occurs only
when necessary.
● Defined (level-3): Documented, predictable, occurs only when
necessary.
● Measured (level-4): Well-managed, formal, often automated,
evaluated frequently.
● Optimized (level-5): Continuous and effective, integrated,
proactive, usually automated.
5

6. ENTERPRISE IAM USECASES
● Identity Lifecycle Management
● Seamless access to applications and resources
● Regulatory Compliance
○ Identity Assurance
○ Auditing, Reporting and Monitoring
● Fraud Detection, Prevention and User Behavior
Analytics
6

7. #1
IDENTITY LIFECYCLE MANAGEMENT

8. IDENTITY LIFECYCLE MANAGEMENT
Phases
● User On-boarding/Account Activation
● Account Maintenance and Support
● User Off-boarding/Account Termination
These processes will differ for
● Employees
● Partners
● Contractors
8

9. USER ONBOARDING / ACTIVATION
9
● Usually involves
○ Workflow approval
○ Provisioning accounts
○ Verifications
■ Mail
■ Phone
○ Activation

10. Over the time the employees will require
● Privilege changes due to
○ Promotions
○ Change of Roles
● Profile updates
ACCOUNT MAINTENANCE
10

11. ● Deprovision the federated accounts
● Delete/Disable the account
USER OFFBOARDING/TERMINATION
11

12. DEMONSTRATION

13. #2
SEAMLESS ACCESS TO RESOURCES

14. SEAMELESS ACCESS TO RESOURCES
● Distributed Workforce
○ Mergers, Acquisitions and Partnerships
○ Remote Workstations
○ Mobile Workforce
● Distributed Applications
○ SaaS Applications
○ Corporate Applications
○ Mobile Applications
14

15. SINGLE SIGN ON/ SINGLE LOGOUT
15

16. BYOID
16

17. BYOD
17

18. REAL-TIME ACCESS CONTROL
18

19. #3
REGULATORY COMPLIANCE

20. REGULATORY COMPLIANCE
● PCI
● HIPAA
● SOX
● FERPA
● GDPR
● PSD2
20

21. IDENTITY ASSUARANCE
● Compliance is more or less about ensuring Identity
Assurance
21

22. AUTHENTICATION LEVELS
22
Meaning Authentication
AL1
Little or no
confidence
PIN and Password
AL2 Some confidence Single factor Authentication
AL3 High Confidence
Multi-factor Authentication
via ‘soft’, ‘hard’, ‘OTP’ tokens
AL4
Very High
Confidence
Multi-factor cryptographic
authentication with hard
tokens

23. PASSWORD RECOMMENDATIONS
● No universally accepted alternative for password
● Password recommendations:
○ Min, Max length
■ PINs - min: 6 digits
■ Passwords - min: 8 characters, max:64 characters
○ Specific character content
○ Password validation
■ against history
■ against a dictionary of bad choices
○ Avoid brute force and dictionary attacks
● Recovery and Password Reset
○ Security questions/ hints
○ Email Notifications
23

24. AUDITING AND MONITORING
● You might not know who will access your system
● Full Audit on user activities are important
○ Specially on User Management, Admin
operations
○ Who, What, From Where, When, How
24

25. #4
FRAUD DETECTION, PREVENTION
AND ANALYTICS

26. FRAUD DETECTION AND PREVENTION
● Monitor, Detect and Remediate
● Understanding user behavior
● Predicting future needs
26

27. ALERTING
27

28. ENTERPRISE IAM PLANNING
28
Assess your
current IAM
strategy
1
Have a clear inventory
of your current identity
and authentication
infrastructure and
policies
2 Evaluate the
right IAM
approach
Security, Productivity
and Compliance
concerns
Cloud Vs Corporate
deployments
Open standards Vs
Proprietary Interfaces
Assemble key
stakeholders
Define deployment plan
Implement IAM solution
Gain end user
acceptance
Define a strategy
to execute IAM
plan
3
28

29. ENTERPRISE IAM TRENDS
● By 2019, more than 80 percent of organizations will use
access management software or services, up from 55
percent today.
● By 2021, IDaaS will be the majority access management
delivery model for new purchases, up from less than 20%
today.
Gartner Magic Quadrant for Access Management,
June 2017
29

30. 30

31. Q&A
31

32. THANK YOUTHANK YOU